[Swan] The issue of connecting to Libreswan VPN from Android

OBETalk管理员 kevincyq_chenyangqin at foxmail.com
Wed Dec 7 11:57:50 EET 2022


Dear all,


Recently there has been a big issue with an Android phone connecting to Libreswan deployed on Ubuntu 18.04 on AWS EC2, but the connection was successful before August 2022. Neither Xauth-PSK nor L2TP/IPSec PSK works. I can't find the right answer in the troubleshooting blogs online.
Can anyone help answer how to fix this problem, please?


The auth.log follows:
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: responding to Main Mode from unknown peer 223.104.68.17:56380
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: WARNING: connection xauth-psk PSK length of 20 bytes is too short for HMAC_SHA2_384 PRF in FIPS mode (24 bytes required)
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_SHA2_384, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_SHA2_256, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: WARNING: connection xauth-psk PSK length of 20 bytes is too short for HMAC_SHA2_512 PRF in FIPS mode (32 bytes required)
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_SHA2_512, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_SHA1, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_MD5, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: WARNING: connection xauth-psk PSK length of 20 bytes is too short for HMAC_SHA2_512 PRF in FIPS mode (32 bytes required)
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (128), HMAC_SHA2_512, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: WARNING: connection xauth-psk PSK length of 20 bytes is too short for HMAC_SHA2_384 PRF in FIPS mode (24 bytes required)
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (128), HMAC_SHA2_384, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (128), HMAC_SHA2_256, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (128), HMAC_SHA1, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (128), HMAC_MD5, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [3DES_CBC (192), HMAC_SHA2_256, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [3DES_CBC (192), HMAC_MD5, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: OAKLEY_DES_CBC(UNUSED) is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: message repeated 2 times: [ "xauth-psk"[1] 223.104.68.17 #1: OAKLEY_DES_CBC(UNUSED) is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM]
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: no acceptable Oakley Transform
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: sending notification NO_PROPOSAL_CHOSEN to 223.104.68.17:56380
Dec  7 09:24:15 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: discarding initial packet; already STATE_MAIN_R0
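
Added example, not part of the original post: a short Python script that tallies the refused Oakley transforms in pluto output like the log above and reports which attribute is identical across every refusal, together with the PSK length warnings. The sample is a subset of the lines quoted in the post; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Subset of the pluto lines quoted in the post above.
SAMPLE = """\
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: WARNING: connection xauth-psk PSK length of 20 bytes is too short for HMAC_SHA2_384 PRF in FIPS mode (24 bytes required)
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_SHA2_384, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_SHA2_256, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: WARNING: connection xauth-psk PSK length of 20 bytes is too short for HMAC_SHA2_512 PRF in FIPS mode (32 bytes required)
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_SHA2_512, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (128), HMAC_SHA1, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [3DES_CBC (192), HMAC_MD5, MODP1024] refused
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: no acceptable Oakley Transform
Dec  7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: sending notification NO_PROPOSAL_CHOSEN to 223.104.68.17:56380
"""

REFUSED = re.compile(r"Oakley Transform \[(\w+) \((\d+)\), (\w+), (\w+)\] refused")
PSK_WARN = re.compile(
    r"PSK length of (\d+) bytes is too short for (\w+) PRF in FIPS mode \((\d+) bytes required\)"
)

def summarize(log_text):
    """Tally refused IKEv1 transforms and PSK warnings from pluto log text."""
    seen = defaultdict(set)          # attribute name -> distinct values refused
    refused, psk_len, psk_needed, outcome = 0, None, {}, None
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            refused += 1
            enc, bits, prf, dh = m.groups()
            seen["encryption"].add(f"{enc}-{bits}")
            seen["prf"].add(prf)
            seen["dh_group"].add(dh)
            continue
        m = PSK_WARN.search(line)
        if m:
            psk_len = int(m.group(1))
            psk_needed[m.group(2)] = int(m.group(3))
        elif "NO_PROPOSAL_CHOSEN" in line:
            outcome = "NO_PROPOSAL_CHOSEN"
    # An attribute with one value across all refusals is shared by every failure.
    common = {k: next(iter(v)) for k, v in seen.items() if len(v) == 1}
    varied = {k: sorted(v) for k, v in seen.items() if len(v) > 1}
    return {"refused": refused, "common": common, "varied": varied,
            "psk_len": psk_len, "psk_needed": psk_needed, "outcome": outcome}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On the quoted lines, encryption and PRF vary while the DH group is MODP1024 in every refused transform, so that is the attribute to compare against the server's configured IKE proposals.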